Barry Margolin <bar...@alum.mit.edu> wrote: > > [Validation is] only untroublesome until someone screws things up on > their auth server. When one of your users can't access something.gov, > they'll complain to YOU, even though it's mostly out of your hands. > > This is true for other problems on auth servers as well, of course. But > DNSSEC is new enough that there tend to be more failures of this kind, > even by organizations that until now have seemed to know what they're > doing.
Some of the early DNSSEC deployments (especially in .gov) did not use good tooling. That's much less of a problem now. See for instance the big DNSSEC deployments in Sweden, Czech, Brazil. Even third party DNSSEC screwups have not caused us much trouble. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Faeroes: Northeasterly backing northerly, 4 or 5, increasing 6 or 7 for a time in east. Moderate, becoming rough later in far east. Showers. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users